Thread: virus/trojan help

  1. #1
    Puppetmaster
    Join Date
    Dec 2005
    Posts
    52
    BG Level
    2

    virus/trojan help

    OK, so I got this wonderful trojan on my computer now thanks to my dad and his porn, and I've been trying like hell to get rid of it.

    Basically it gives a system warning msg down by my clock that says System Alert:Trojan-spy.win32@mx click here to fix it..
    Well, if I click there it will download Spydawn, a fake antispyware program
    called Spydawn, and it generates lots of popups and fake sweeps of the computer.

    I got Spydawn totally removed from my PC but I can't get the trojan off.
    I used a program called Smitfraudfix to get rid of Spydawn.

    So now the trojan is still giving me pop up msg and balloons that I have spyware (which is fake besides the trojan) and I can't get rid of it at all.

    It was suggested I am going to have to format my hard drive, which I really don't mind seeing I don't have a lot of important info on it, but I would like to avoid that if possible. Thank you in advance for your help if you have a program or something that can get rid of it.

  2. #2
    EAST BAY JEDI DONT GIVE A FUCK
    Join Date
    Oct 2006
    Posts
    2,175
    BG Level
    7

    reformat!!!!!

    oh and back up that important info somewhere else lol.

  3. #3

    http://www-spybot.net/
    Should automatically remove it.

    http://hijack-this.org/
    If spybot doesn't work and you know what you are doing...you can manually remove it, use at your own risk though.

  4. #4
    Old Merits
    Join Date
    Jan 2007
    Posts
    1,175
    BG Level
    6

    AdAware, SpyBot S&D, McAfee, Norton. Nothing I know of has gotten past all four of these. Also, to protect yourself from future shit, Zone Alarm (crack it to get the Pro version.. also has a spyware sweeper in there).

  5. #5
    Old Merits
    Join Date
    Jan 2007
    Posts
    1,175
    BG Level
    6

    Quote Originally Posted by Treacherous
    http://www-spybot.net/
    Should automatically remove it.

    http://hijack-this.org/
    If spybot doesn't work and you know what you are doing...you can manually remove it, use at your own risk though.
    Don't use his link, he's trying to get referral money. Either that or he is an idiot. Just google it and download it from their website or http://www.downloads.com

  6. #6

    I'd rather have trojans than Norton >.>

    edit- yeah my bad, I googled that and just picked the top ones...

  7. #7
    Puppetmaster
    Join Date
    Dec 2005
    Posts
    52
    BG Level
    2

    k thx guys

  8. #8
    Old Merits
    Join Date
    Jan 2007
    Posts
    1,175
    BG Level
    6

    Quote Originally Posted by Treacherous
    I'd rather have trojans than Norton >.>

    edit- yeah my bad, I googled that and just picked the top ones...
    What do you dislike about Norton?

  9. #9

    The general layout of the program and the constant complaining that it was turned off >.> It's probably just me being picky but prefer AVG.

  10. #10
    Old Merits
    Join Date
    Jan 2007
    Posts
    1,175
    BG Level
    6

    Quote Originally Posted by Treacherous
    The general layout of the program and the constant complaining that it was turned off >.> It's probably just me being picky but prefer AVG.
    True, the interface and nagging is a problem but as far as effectiveness goes it certainly does the job.

  11. #11
    Puppetmaster
    Join Date
    Dec 2005
    Posts
    52
    BG Level
    2

    Adaware is the only one of the suggested picking it up... but it won't remove it.. Says it's fixed and deleted but I still get the pop ups and the little warning sign.

    I'll have to try the hijacker one or just reformat tomorrow with the 10 hr maint

  12. #12

    Quote Originally Posted by Keno
    Quote Originally Posted by Treacherous
    The general layout of the program and the constant complaining that it was turned off >.> It's probably just me being picky but prefer AVG.
    True, the interface and nagging is a problem but as far as effectiveness goes it certainly does the job.
    Really? Cause we have to reformat at least 10 computers a week that all have Norton on them.

    No anti-virus does "the job".

    You are better off without because without you'll be a lot more careful where you go and what you download

  13. #13
    Old Merits
    Join Date
    Jan 2007
    Posts
    1,175
    BG Level
    6

    Quote Originally Posted by Devek
    Quote Originally Posted by Keno
    Quote Originally Posted by Treacherous
    The general layout of the program and the constant complaining that it was turned off >.> It's probably just me being picky but prefer AVG.
    True, the interface and nagging is a problem but as far as effectiveness goes it certainly does the job.
    Really? Cause we have to reformat at least 10 computers a week that all have Norton on them.

    No anti-virus does "the job".

    You are better off without because without you'll be a lot more careful where you go and what you download
    That's why I mentioned you use four programs AND a software firewall.

  14. #14
    evilbau
    Guest

    norton is pretty ineffective. get nod32 or kaparsky (sp? lol)

  15. #15
    Member since 2006 and still can't think of a title.
    Join Date
    Oct 2006
    Posts
    25,407
    BG Level
    10
    FFXIV Character
    Acanis Lindri
    FFXIV Server
    Midgardsormr
    FFXI Server
    Bismarck
    WoW Realm
    Kil'jaeden

    Ok, this is what you need to do to purge this shit off.

    First, download and install Trojan Hunter (http://www.trojanhunter.com), Spybot, and Adaware. Once they're installed and updated, boot into safe mode. Run each of those programs, and once all 3 are run, reboot and go into safe mode again; do this 2-3 times. Once you're down to 1-2 items showing up, reboot into normal Windows, download and install nod32. Run msconfig, kill all services and startup programs, reboot to flush it out, and run nod32, then Trojan Hunter, then Spybot and Adaware. May take a couple more passes, but this should get everything out.

  16. #16

    Unless it is a trojan.

    Even in safe mode with whatever program you're using it will look for a file like c:\windows\system32\badshit.exe but since it is a trojan it will answer on behalf of the windows kernel and say, "nope! I ain't there!"

    If by some magic chance you even knew there was a badshit.exe on your computer, you would be unable to delete it because it is in use no matter how you decide to start Windows. The only way would be to throw the hard drive in another computer or boot from your recovery CD and delete it there.

    Almost every good payload of spyware comes with a trojan.. That trojan is responsible for periodically going out on the internet and downloading or updating the spyware/malware packages that it is responsible for.

    9 times out of 10 when you delete all the stuff that you could see on a badly infected machine, it all appears again in a few days because the trojan on that machine that was not detected by any single piece of AV because it is TECHNICALLY IMPOSSIBLE for them to know it exists will go back out and reinstall all the crap on there.
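
Added example, not part of any post in this thread: post #16's point that a scan run inside the infected system can be lied to, while the same disk read from a recovery CD or another computer cannot, written as a cross-view comparison of two file listings. The function names and both sample listings are constructed for illustration.

```python
import ntpath

def normalise(path):
    """Drop the drive letter and fold case: the offline boot may mount the
    same volume under another letter, and Windows names are case-insensitive."""
    _drive, rest = ntpath.splitdrive(path.strip())
    return ntpath.normpath(rest).lower()

def hidden_from_live(live_listing, offline_listing):
    """Return paths the offline view contains but the live view never reported."""
    live = {normalise(p) for p in live_listing if p.strip()}
    hidden = {}
    for p in offline_listing:
        if not p.strip():
            continue
        key = normalise(p)
        if key not in live:
            hidden[key] = p.strip()
    return [hidden[k] for k in sorted(hidden)]

# Constructed sample: recursive listing taken inside the running system.
LIVE = r"""C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe""".splitlines()

# Constructed sample: the same volume listed after booting other media,
# where it happens to be mounted as D:.
OFFLINE = r"""D:\WINDOWS\system32\kernel32.dll
D:\WINDOWS\System32\NOTEPAD.EXE
D:\WINDOWS\system32\badshit.exe
D:\WINDOWS\explorer.exe""".splitlines()

if __name__ == "__main__":
    for path in hidden_from_live(LIVE, OFFLINE):
        print("present on disk, absent from live listing:", path)
```

A file written between the two captures also shows up as a difference, so each hit is a lead to inspect from the offline boot, not a verdict.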

  17. #17
    Old Merits
    Join Date
    Jan 2007
    Posts
    1,175
    BG Level
    6

    Quote Originally Posted by Devek
    Unless it is a trojan.

    Even in safe mode with whatever program you're using it will look for a file like c:\windows\system32\badshit.exe but since it is a trojan it will answer on behalf of the windows kernel and say, "nope! I ain't there!"

    If by some magic chance you even knew there was a badshit.exe on your computer, you would be unable to delete it because it is in use no matter how you decide to start Windows. The only way would be to throw the hard drive in another computer or boot from your recovery CD and delete it there.

    Almost every good payload of spyware comes with a trojan.. That trojan is responsible for periodically going out on the internet and downloading or updating the spyware/malware packages that it is responsible for.

    9 times out of 10 when you delete all the stuff that you could see on a badly infected machine, it all appears again in a few days because the trojan on that machine that was not detected by any single piece of AV because it is TECHNICALLY IMPOSSIBLE for them to know it exists will go back out and reinstall all the crap on there.
    That's why you get a firewall that forces to ask permission for any outgoing or inbound internet traffic (yes, one that even queries Windows services).

  18. #18
    Member since 2006 and still can't think of a title.
    Join Date
    Oct 2006
    Posts
    25,407
    BG Level
    10
    FFXIV Character
    Acanis Lindri
    FFXIV Server
    Midgardsormr
    FFXI Server
    Bismarck
    WoW Realm
    Kil'jaeden

    Ehh, dunno about that. Where I work, we charge $145 to get rid of that shit, and if it was coming back after a few days, I'd have quite a few pissed off customers.

  19. #19

    Quote Originally Posted by Keno
    That's why you get a firewall that forces to ask permission for any outgoing or inbound internet traffic (yes, one that even queries Windows services).
    Hello! 1998 called...

    Beyond the fact a trojan with access to the Windows kernel has infinite ways to defeat the "Firewall" completely.. in Windows you can allocate memory inside another process, copy your code over, and start a new thread that runs as that process.. windower does this. If windower wanted to reach the internet it would be able to because you already allowed ffxi access to the internet.

    Now apply that to a process 99% of people out there allow access to the internet, explorer.exe.

  20. #20
    Old Merits
    Join Date
    Jan 2007
    Posts
    1,175
    BG Level
    6

    Quote Originally Posted by Devek
    Quote Originally Posted by Keno
    That's why you get a firewall that forces to ask permission for any outgoing or inbound internet traffic (yes, one that even queries Windows services).
    Hello! 1998 called...

    Beyond the fact a trojan with access to the Windows kernel has infinite ways to defeat the "Firewall" completely.. in Windows you can allocate memory inside another process, copy your code over, and start a new thread that runs as that process.. windower does this. If windower wanted to reach the internet it would be able to because you already allowed ffxi access to the internet.

    Now apply that to a process 99% of people out there allow access to the internet, explorer.exe.
    That's how I nipped it in the butt; I disallowed access on my computer to any internet. I am typing this from a public library. Good day.
